I am toying with the idea of using one of my Tailscale instances as a traditional VPN, using the exit node features. I think I have that part down to a note as far as what has to be done in order for this to happen.

My question is if there are any security risks or security provisions that need to be made to keep the envelope secure. I am the only user of my Tailscale network, so I don’t have to worry about another user jacking things up. However, I am concerned about the implications of the visibility of the exit node I would be connecting to.

  • just_another_person@lemmy.world
    27 days ago

    Visibility how? You don’t need to open any ingress ports on the VPS instance unless you plan on reverse proxying something back to your client node. Your client visibility will be to any endpoint you connect to, and any DERP servers you get proxied through from Tailscale.

    • F04118F@feddit.nl
      27 days ago

      The way I understand it, there are 2 use cases for a VPN, with different concerns and providers:

      • having access to your private home network from anywhere, through an encrypted tunnel (Tailscale, Wireguard on the router, etc)
      • having your outgoing traffic to the internet go through an anonymized exit node so that your ISP cannot watch or sell what you are doing (ProtonVPN, Mullvad VPN, etc)

      Is Tailscale fit for the second? I thought not, as the exit node is not an anonymized VPN server but one of your own machines.

      • effward@lemmy.world
        27 days ago

        If you create little solar-powered micro computers and toss them onto the roof of a bunch of random businesses with public Wi-Fi, then run them as exit nodes, then you could bounce your connection around through a random set.

        I didn’t come up with this, I think it was a plot point in some novel I read.

        • F04118F@feddit.nl
          27 days ago

          That’s crazy and genius!

          “I don’t do cloud computing, I do solar computing”

      • just_another_person@lemmy.world
        27 days ago

        They’re good questions. I wasn’t being rhetorical 🤣

        It’s hard to know exactly where your concern about visibility lies, hence my question 😉

          • irmadlad@lemmy.world (OP)
          27 days ago

          Nah, it’s good. I do have a knack for asking silly, basic questions. I certainly don’t have the networking prowess and certifications that some of the group here has, and I just want to be cautious, perhaps overly cautious, when implementing what I have proposed. I know what an overlay VPN does, and I know what a traditional VPN like, say, PIA does. I just want to proceed with caution because the end use has serious implications if improperly deployed. At the very least I want to make myself confident that I have covered all bases.